Technical Field

This invention concerns a computerised identity matching management process
for regulating the issue of secure assets. The invention further concerns a computerised
identity matching management process for regulating the return of secure assets. In
addition the invention concerns a computerized identity matching management system
for regulating the issue of, or the return of, secure assets. Finally the invention
concerns an electronic message for transmission by a biometric capture apparatus
during a computerized identity matching process.

Background Art

The concept of iris recognition was developed and patented by Iridian
Technologies Inc, and their concept patent US 4,641,349 describes the use of the iris to
identify individuals. US 5,291,560 describes a method by which a biometric, including
the iris pattern of an individual, can be used as the basis of an identification technique.

Argus Solutions Pty Ltd developed a computerised identity matching
management process and associated system. Their patent application
PCT/AU02/01579 describes managing the provision of identity matching services, for
instance to enable users to gain appropriate access to service provider's facilities. The
essence of this invention is the time limit imposed on the period between the issue of
the unique code which initiates the capture process, and the receipt of the biometric
coded with the code. The same code is only ever issued once. This time limit is
determined according to the time required for the capture process, and serves to reduce
the possibility of the introduction of a false biometric. For instance a time limit of
ninety seconds has been found to be suitable when an iris biometric is to be captured.

Disclosure of Invention 

In a first aspect, the invention is a computerised identity matching management
process for regulating the issue of secure assets, the method comprising the steps of:

identifying an asset having a unique classification identifier;

identifying an issuer of the asset and a receiver of the asset, each comprising the
steps of:

a management computer receiving a request, from capture apparatus
waiting to commence a biometric capture process representative of the issuer of the
asset or the receiver of the asset, to initiate the capture process;

the management computer responding to the request to return a message to
the capture apparatus at a first instant in time, the message containing a unique code,
and where receipt of the message containing the code at the capture apparatus causes
initiation of the capture process;

the management computer, after returning a message, receiving a captured
biometric representative of the issuer of the asset or representative of the receiver of the
asset from the capture apparatus coded with the code, at a second instant in time; and

the management computer operating, when the second instant is less than
a predetermined time later than the first instant, to decode the captured biometric and
initiate a matching process to find a match for the decoded captured biometric against
stored records and to generate an identification code representative of the issuer of the
asset or representative of the receiver of the asset when a match is found;

retrieving the receiver's privilege to determine whether the receiver's privilege
matches the asset classification identifier, and if a match is determined

issuing the asset and recording information to form a record relating to the issue
of the asset.

An asset is defined as a physical item of value or interest. For instance, the
assets may include, but are not limited to, firearms, weapons, batons, pharmaceutical
medications and products, narcotics, precious metals, or legal documents.

The receiver's privilege determines the type of assets which the receiver is
authorised to receive.

The unique identifier is a means of being able to identify each particular asset.
For example an asset may be uniquely identified by a barcode or a radio frequency
identifier. The unique identifier may be machine-readable. The unique identifier may
be tamper-proof such as a barcode which may be securely attached to, or imprinted
directly onto, or into, the asset. In such an instance the identifier may be identified by
scanning the barcode.

The method may further include generating an alert if the receiver's privilege
does not match the asset classification.

In a second aspect, the invention is a computerised identity matching
management process for regulating the return of secure assets, the method comprising
the steps of:

identifying an asset having a unique classification identifier;

identifying a receiver who seeks to return the asset, comprising the steps of:

a management computer receiving a request, from capture apparatus
waiting to commence a biometric capture process representative of the receiver who
seeks to return the asset, to initiate the capture process;

the management computer responding to the request to return a message to
the capture apparatus at a first instant in time, the message containing a unique code,
and where receipt of the message containing the code at the capture apparatus causes
initiation of the capture process;

the management computer, after returning a message, receiving a captured
biometric representative of the receiver who seeks to return the asset from the capture
apparatus coded with the code, at a second instant in time; and

the management computer operating, when the second instant is less than
a predetermined time later than the first instant, to decode the captured biometric and
initiate a matching process to find a match for the decoded captured biometric against
stored records and to generate an identification code representative of the receiver
when a match is found;

retrieving the receiver's privilege to determine whether the receiver's privilege
matches the asset classification identifier, and if a match is determined

retrieving the asset from the receiver and recording information to form a record
relating to the retrieval of the asset.

The process according to the second aspect may also comprise the step of
identifying an issuer of assets to whom the asset is returned, comprising the steps of:

a management computer receiving a request, from capture apparatus
waiting to commence a biometric capture process representative of the issuer, to initiate
the capture process;

the management computer responding to the request to return a message to
the capture apparatus at a first instant in time, the message containing a unique code,
and where receipt of the message containing the code at the capture apparatus causes
initiation of the capture process;

the management computer, after returning a message, receiving a captured
biometric representative of the issuer from the capture apparatus coded with the code,
at a second instant in time; and

the management computer operating, when the second instant is less than
a predetermined time later than the first instant, to decode the captured biometric and
initiate a matching process to find a match for the decoded captured biometric against
stored records and to generate an identification code representative of the issuer when a
match is found.

In a third aspect, the invention is a computerized identity matching management
system for regulating the issue of, or the return of, secure assets, comprising:

a data depository to store records of assets each having a unique asset
classification identifier, and a record of receivers and respective receiver's privileges;

an asset identifier for identifying the asset to be issued or to be returned;

a computer programmed to:

receive a request, from capture apparatus waiting to commence a
biometric capture process, to initiate the capture process to identify a receiver who is
requesting the issue of an asset or the return of an asset;

respond to the request to return a message to the capture apparatus at a
first instant in time, the message containing a unique code, and where receipt of the
message containing the code at the capture apparatus causes initiation of the capture
process;

after returning a message, receiving a captured biometric from the capture
apparatus coded with the code, at a second instant in time; and

when the second instant is less than a predetermined time later than the
first instant, to decode the captured biometric;

an authentication server to perform a matching process to find a match for the
decoded captured biometric against stored records and to generate an identification
code representative of the receiver who is requesting the issue of an asset or the return
of an asset when a match is found, the server further retrieving the receiver's privilege
to determine whether the receiver's privilege matches the asset classification identifier,
and if a match is determined forming a record relating to the issue of the asset or the
return of the asset.

The computer may be further programmed to identify an issuer of assets.

The record of the asset's use may include the date and time that the asset was
issued by the issuer and received by the receiver. The record of the asset's use may
include the date and time that the issuer received the asset which the receiver returned.

The computer may be programmed further such that if a match is determined a
message is able to be generated authorising the release of the asset to the receiver.

The computer may be programmed further such that if a match is not determined
the issuer is alerted.

In a fourth aspect the invention is an electronic message for transmission by a
biometric capture apparatus during a computerized identity matching process to a
computer after the capture process has been completed, the process for regulating the
issue of an asset or the return of an asset, the electronic message comprising:

a captured image of a potential receiver of the asset coded with the unique code
obtained from the computer;

a record indicating whether the receiver's privilege information matches an
identifier of the asset and if a match is found a date and time associated with the issue
of the asset or the return of the asset.

Brief Description of Drawings

An example of the system will now be described with reference to the
accompanying drawings, in which:

Fig. 1 is a schematic diagram of a system used to regulate the issue of and the
return of secure assets;

Fig. 2 is a flow chart showing the steps when an asset is released from an asset
store; and

Fig. 3 is a flow chart showing the steps when an asset is returned to an asset
store.

Best Modes for Carrying Out the Invention 

Fig. 1 illustrates a system 100 used to regulate the issue of and the return of
secure assets. The system 100 includes an Iris Recognition client computer 105 which
is programmed to receive and transmit messages through a firewall and over the
Internet to client software 108. The software 108 resides in a PC 115. The software
108 works with PrivateID software 110 and an iris recognition camera 120 such as the
Panasonic Authenticam which includes a special lens to photograph the eye.
Alternately, the software 108 may work with PrivateID software 110 and an LG Imager
125. The Iris Recognition server 135 accepts the iris image which is sent from the
camera 120. In addition, it confirms the image integrity and then sends it through the
iris recognition process for verification against records stored in its cache which in turn
is drawn from the secure database 140.



The database 140 stores asset information, issuer information, receiver
information, a rights table and an asset log. The issuer information includes for each
issuer:

• a 'name field',
• 'iriscode template fields' for the left and right eye of the issuer, and
• a 'create date field'.

The receiver information in addition includes a 'privilege field'.

The asset information includes for each asset ID:

• an 'asset name field',
• a 'create date field',
• an 'asset type field' and
• an 'asset classification field'.

The asset log information includes for each draw sequence #:

• an 'issuer ID',
• a 'receiver ID',
• a 'time in field' and
• a 'time out field'.

The software 110 works with a barcode reader 130 which is used to scan a
secure asset for release or alternatively for its return.

In this example, the components of the system 100 are installed on site at an
armoury. The armoury stores secure assets such as firearms. Each firearm stored in the
armoury has a unique machine-readable, non-removable identification in the form of a
barcode.

The PC 115 is accessed by dispatching officers who have the authorisation to
release assets in and out of the armoury. The camera 120 is used to capture an iris
image of a dispatching officer when the officer is on duty and responsible for the
release of firearms from the armoury. The camera 120 also operates to capture an
image of a receiving officer each time the officer wishes to draw one or more firearms
from the armoury and similarly when the officer goes to return the firearms to the
armoury.

Figure 2 illustrates the steps required to be undertaken when a firearm is
requested for release. The dispatching officer starts a session 205. The system is
launched and checks whether identification of the dispatching officer is required 210.
In the event that biometric identification is requested 215, the client software 108 is
launched and captures the PrivateID software 110 to take control of the camera 120 so
as to record an image of the dispatching officer's right and left irises, step 220.

The client software 108 sends a message to the client computer 105 for a
message authentication code (MAC). The client 105 responds to the request and issues
a MAC. The client software 108 receives the MAC and the PrivateID software 110
commences capture of the dispatching officer's iris.

To use the Authenticam camera 120, the dispatching officer moves their head so
that the particular eye being photographed is 43 - 48cm (17 to 19 inches) from the lens.
The camera 120 sends images to the software 110 running on the computer 115.

The PrivateID software 110 captures a series of digital video images of the
dispatching officer's eye. Image quality metrics within the PrivateID software 110
inspect the images for sufficient quality and iris content to ensure high confidence for a
successful match outcome. Once a satisfactory image has been culled, the software 110
provides an audible signal to inform the issuer that the image capture session is
complete; this usually issues within seconds. If a satisfactory image cannot be captured
within the allotted time (the default is set at 10 seconds), then the software provides an
error signal. The dispatching officer would then have to restart the process of having
images of the iris captured 225.

Once captured, the process of identifying the dispatching officer begins 230.
The client software 108 encrypts the captured image using an appropriate cryptographic
algorithm. Then it compresses the captured image, codes the compressed image using
the previously issued MAC and assembles a message for transmission to the client
computer 105.

The client computer 105 receives the message and checks it for validity using
MAC, that is to ensure it has been received while the MAC is still valid. The message
then has its integrity checked using a checksum, and is decompressed and decrypted. It
is then passed through a Daugman Algorithm, or similar, to create an iriscode.
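The code issue and validity check described above (a code issued once, a capture coded with it, and acceptance only inside the time limit) can be sketched as follows. This is an added example, not code from the patent or from Argus Solutions: the patent does not say how the image is "coded" with the code, so the HMAC-SHA256 binding, the split of the code into a public `code_id` and a secret key, and all class and function names are assumptions; the 90 second window is the figure the Background gives for iris capture.

```python
import hashlib
import hmac
import secrets

CAPTURE_WINDOW_S = 90  # the page cites ninety seconds as suitable for iris capture


class ManagementComputer:
    """Issues each capture code once and enforces the time window on receipt."""

    def __init__(self, clock, window_s=CAPTURE_WINDOW_S):
        self._clock = clock      # callable returning seconds; injected for testing
        self._window_s = window_s
        self._pending = {}       # code_id -> (secret key, first instant)

    def issue_code(self):
        code_id = secrets.token_hex(8)    # public part, echoed back by the client
        key = secrets.token_bytes(32)     # secret part, used to code the capture
        self._pending[code_id] = (key, self._clock())
        return code_id, key

    def receive(self, code_id, payload, tag):
        # pop() consumes the code on first use, so a replayed message is refused
        key, first_instant = self._pending.pop(code_id, (None, None))
        if key is None:
            return "rejected: unknown or already-used code"
        # accept only when the second instant is less than window_s after the first
        if self._clock() - first_instant >= self._window_s:
            return "rejected: code expired"
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: payload not coded with this code"
        return "accepted"


def code_capture(key, payload):
    """Capture-apparatus side: bind the captured payload to the issued code."""
    return hmac.new(key, payload, hashlib.sha256).digest()


class FakeClock:
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now


def demo():
    clock = FakeClock()
    server = ManagementComputer(clock)
    image = b"constructed sample bytes standing in for an iris image"
    out = {}
    code_id, key = server.issue_code()
    clock.now += 12                       # capture finishes well inside the window
    tag = code_capture(key, image)
    out["in_time"] = server.receive(code_id, image, tag)
    out["replayed"] = server.receive(code_id, image, tag)
    code_id, key = server.issue_code()
    clock.now += 90                       # exactly at the limit is already too late
    out["late"] = server.receive(code_id, image, code_capture(key, image))
    code_id, key = server.issue_code()
    out["substituted"] = server.receive(code_id, b"other image", code_capture(key, image))
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The code is consumed before the time and binding checks, so a failed attempt cannot be retried with the same code and the capture has to be restarted with a fresh request.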

The iriscode is then sent to the Iris recognition server 135 which attempts to
match it with a record in its secure database 140. The 'iriscode template field' in the
issuer information table is searched. The Iris recognition server 135 returns a result to
the client computer 105 which interprets the result. If the result is a comparison failure,
that result is logged and the process stops 235.

If a match is found, the result indicates that the dispatching officer is an
authorised issuer 240. The process of identifying the firearm which the receiver wishes
to borrow is begun 245. The receiving officer has requested a firearm of type A. The
dispatching officer retrieves the firearm sought. Embedded onto the handle of the
firearm is a barcode. The dispatching officer scans the barcode. The client software
108 receives the identification number of the firearm and sends it to the Iris recognition
server 135 which attempts to match it with a record in its secure database 140. The
'asset type field' in the asset information table is searched.

The Iris recognition server 135 returns a result to the client computer 105 which
interprets the result. If the result is a comparison failure, that result is logged and the
process stops 250.

If the result is that the firearm is recognised 255, the issuer asks the potential
receiving officer whether further firearms are to be issued. If further firearms are
required the process of identifying each of the firearms which the receiving officer
wishes to borrow is repeated 260.

If no further firearms are sought 265 the process of identifying the receiving
officer and determining whether the receiving officer has the prerequisite rights to
borrow the firearm sought is begun 270.

The client software 108 sends a message to the client computer 105 for a MAC.
The client 105 responds to the request and issues a MAC. The client software 108
receives the MAC and the PrivateID software 110 commences capture of the receiving
officer's iris. The process for the receiving officer is the same as for the dispatching
officer and it is not necessary to repeat the entirety of that information here.

The captured receiving officer's iriscode is then sent to the Iris recognition server
135 which attempts to match it with a record in its secure database 140. The 'iriscode
template field' in the receiver information table is searched. The Iris recognition server
135 returns a result to the client computer 105 which interprets the result.

If the result is that the receiver is not identified, the result is logged and the
process stops 280. If the receiving officer is identified then the process continues 285.

The iris recognition server then determines whether the identified receiving
officer is entitled to draw the particular firearm requested. The asset classification for
the firearm sought is attempted to be matched against the 'privilege field' in the
receiver information table. If the receiving officer is not authorised to draw that
particular firearm, the result is logged and the process stops 290.

If the result is that the receiving officer has the required privilege to draw the
particular firearm 295 then the 'asset log information table' is written to. Against the
particular firearm is written the identification of the dispatching officer, the receiving
officer and the date and time of release. The issuing process is then complete and the
firearm is released 298.

At some later stage the firearm is to be returned to the armoury. Figure 3
illustrates the steps involved when the receiving officer attempts to return the asset 300.
The dispatching officer on duty starts the process 305. The firearm which is being
returned is scanned by the dispatching officer 310. If the firearm is not identified the
process is logged and stopped 315 and the firearm is left in the possession of the
receiving officer. Having identified the firearm 320 the 'asset log information table' of
the particular firearm is retrieved from the database 140. If the identity of the receiving
officer is not required 325 then the return process stops 370.

If the identity of the receiving officer is required 330 the client software 108 is
launched and captures the PrivateID software 110 to take control of the camera 120 so
as to record an image of the receiving officer's right and left irises, step 220.

The client software 108 sends a message to the client computer 105 for a
message authentication code (MAC). The client 105 responds to the request and issues
a MAC. The client software 108 receives the MAC and the PrivateID software 110
commences capture of the receiving officer's iris. Once captured, the client software
108 encrypts, compresses and codes the captured image and assembles a message for
transmission to the client computer 105.

The client computer 105 receives the message and checks it for validity using
MAC, that is to ensure it has been received while the MAC is still valid. The message
then has its integrity checked using a checksum, and is decompressed and decrypted. It
is then passed through a Daugman Algorithm, or similar, to create an iriscode.

The iriscode is then sent to the Iris recognition server 135 which attempts to
match it with a record in its secure database 140. The 'iriscode template field' in the
receiver information table is searched. The Iris recognition server 135 returns a result
to the client computer 105 which interprets the result. If the result is that the receiver is
not identified, the result is logged and the process stops 340. If the receiver is
identified then the process continues 345.

The receiving officer who is returning the particular firearm is then validated
against the information in the database 140. The 'asset log information table' for the
particular firearm is retrieved. The receiver identity is checked to determine a match,
is written to. If a match is not detected, the result is logged and the process stops 360.

If a match is detected 365, then the time out field in the 'asset log information
table' is written to, the asset is returned to the armoury and the return process is
complete 370.
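The authorisation and logging steps of Figures 2 and 3 (privilege matched against asset classification on issue, returning officer matched against the asset log on return, every refusal logged) can be sketched as follows. This is an added example, not the patent's own code: it assumes the issuer and receiver IDs have already been produced by the iris match, and the class names, field names, sample barcodes and officer IDs are constructed. The "asset already out" check is an addition that the page does not describe.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass
class LogEntry:
    asset_id: str
    issuer_id: str
    receiver_id: str
    released_at: datetime
    returned_at: Optional[datetime] = None


class AssetStore:
    def __init__(self, asset_classes, privileges):
        self.asset_classes = asset_classes  # barcode -> asset classification
        self.privileges = privileges        # receiver ID -> classifications allowed
        self.asset_log = []                 # one LogEntry per draw
        self.denials = []                   # every refusal is logged, as on the page

    def _deny(self, reason, asset_id, receiver_id):
        self.denials.append((reason, asset_id, receiver_id))
        return reason

    def _open_entry(self, asset_id):
        # most recent draw of this asset that has not yet been returned
        for entry in reversed(self.asset_log):
            if entry.asset_id == asset_id and entry.returned_at is None:
                return entry
        return None

    def issue(self, issuer_id, receiver_id, asset_id, now):
        classification = self.asset_classes.get(asset_id)
        if classification is None:
            return self._deny("asset not recognised", asset_id, receiver_id)
        if self._open_entry(asset_id):  # added check, not described on the page
            return self._deny("asset already out", asset_id, receiver_id)
        if classification not in self.privileges.get(receiver_id, set()):
            return self._deny("privilege mismatch", asset_id, receiver_id)
        self.asset_log.append(LogEntry(asset_id, issuer_id, receiver_id, now))
        return "issued"

    def take_back(self, receiver_id, asset_id, now):
        if asset_id not in self.asset_classes:
            return self._deny("asset not recognised", asset_id, receiver_id)
        entry = self._open_entry(asset_id)
        if entry is None or entry.receiver_id != receiver_id:
            return self._deny("receiver mismatch", asset_id, receiver_id)
        entry.returned_at = now
        return "returned"


def demo():
    store = AssetStore(
        asset_classes={"BC-0001": "A", "BC-0002": "B"},   # constructed sample data
        privileges={"R-17": {"A"}, "R-22": {"A", "B"}},
    )
    t = datetime(2003, 7, 3, 9, 0, tzinfo=timezone.utc)
    return [
        store.issue("I-01", "R-17", "BC-0002", t),   # class B, receiver holds A only
        store.issue("I-01", "R-17", "BC-0001", t),
        store.take_back("R-22", "BC-0001", t),       # not the officer who drew it
        store.take_back("R-17", "BC-0001", t),
        store.issue("I-01", "R-17", "BC-9999", t),   # barcode not in the database
    ], store
```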

It will be appreciated by persons skilled in the art that numerous variations
and/or modifications may be made to the invention as shown in the specific
embodiments without departing from the spirit or scope of the invention as broadly
described. The present embodiments are, therefore, to be considered in all respects as
illustrative and not restrictive.

For example, in an alternative example, the iris recognition client computer,
server and database may be secured offsite at a secure premise.

The above example, when describing the issue of an asset, comprised the steps
of identifying an issuer of assets, identifying an asset, identifying a receiver of the asset
and validating whether the receiver is entitled to draw the asset. It should be
appreciated that the invention is not limited to which order these steps are performed.
Since the issuer checks out each asset, it is not necessary for the issuer to scan his or
her iris every time an asset is issued.

Dated this third day of July 2003 

Argus Solutions Pty Ltd 

Patent Attorneys for the Applicant: 

F B RICE & CO